Condividi:        

problema redirect HELP

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi sundek » 30/03/07 14:18

grazie 1000, sei 1 grande!!! :D ho fatto tutto passo-passo, la spiegazione ke mi hai lasciato meglio di cosi non potevi 8)
pratikamente quando l'ho fatto la prima volta non mi dava il messaggio "Vuoi sostituire la copia del file.....? scegli SI, non so xke', forse sbagliavo la gestione del mouse :-? comunque dopo la tua dettagliatissima spiegazione i conti sono tornati :lol:
sundek
Utente Junior
 
Post: 33
Iscritto il: 02/02/07 04:39

Sponsor
 

Postdi basilio » 01/04/07 11:02

Salve ho lo stesso problema degli altri utenti ma tra tutti i metodi elencati non ho ben capito dove sbattere la testa. Se qualcuno potesse seguirmi per capire come devo fare ve ne sarei molto grato. Grazie!
P.S ho provato con vari programmi anti spyware ecc e non sono riuscito a risolvere il problema quindi mi affido alle vostre esperienze.
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Postdi basilio » 01/04/07 11:30

Posto il risultato del log di GMER


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2007-04-01 12:26:00
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory

---- EOF - GMER 1.0.10 ----


GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2007-04-01 12:28:15
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Systemkdfkl.exe = kdfkl.exe

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
BlueSoleil Hid Service /*BlueSoleil Hid Service*/@ = C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\system32\CTsvcCDA.exe
SmcService /*Sygate Personal Firewall Pro*/@ = C:\Program Files\Sygate\SPF\smc.exe
Spooler /*Spouleur d'impression*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\system32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@RemoteControlC:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe = C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
@HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
@SmcServiceC:\PROGRA~1\Sygate\SPF\smc.exe -startgui = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@TkBellExe"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Creative WebCam Tray"C:\Program Files\Creative\Shared Files\CamTray.exe" = "C:\Program Files\Creative\Shared Files\CamTray.exe"
@MsnMsgr"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
@Skype"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
@Yahoo! Pager"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" = "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
@Creative Detector"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
@Spyware Doctor"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Extension Affichage Panorama du Panneau de configuration*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Page de propriétés des versions précédentes*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versions précédentes*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil Software\Avast4\ashShell.dll = C:\Program Files\Alwil Software\Avast4\ashShell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\PROGRA~1\Yahoo!\Common\ymmapi.dll = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{4AFB2C13-9D16-4478-AEF4-C3FC539961E4} /*Zen Vision:M Media Explorer*/C:\Program Files\Creative\Creative Zen Vision M\SHCTMTP.dll = C:\Program Files\Creative\Creative Zen Vision M\SHCTMTP.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
CTMTPMediaExplorer@{7895F317-A125-42CC-BD3E-5830765CE577} = C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
VIDEOTRANS@{C8CA0A66-AF32-4D5E-879E-F0809ACEDC55} = C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\AmvTransform.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
CTMTPMediaExplorer@{7895F317-A125-42CC-BD3E-5830765CE577} = C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar3.dll = c:\program files\google\googletoolbar3.dll
@{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\scrnsave.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://home.neuf.fr = http://home.neuf.fr
@Start Pagehttp://home.neuf.fr/ = http://home.neuf.fr/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
skype4com@CLSID = C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
BlueSoleil.lnk = BlueSoleil.lnk
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
NETGEAR WG511v2 Wireless Assistant.lnk = NETGEAR WG511v2 Wireless Assistant.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk

---- EOF - GMER 1.0.10 ----
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Postdi Luke57 » 01/04/07 12:08

Ciao, apri Gmer.exe, spunta le caselle ADS e files, fai uno scan, al termine quando ha individuato
File C:\WINDOWS\system32\kdhxf.exe
Click tasto dx e scegli Delete.

Apri il registro di sistema:
start>esegui>regedit (lo digiti nello spazio)>OK
Ciccando sul segno + accanto alle singole voci, segui questo percorso:

HKEY_LOCAL_MACHINE
Software
Microsoft
Windows NT
CurrentVersion\Winlogon
Winlogon
Click su quest’ultima cartella, indidui la stringa

"System"="kdhxf.exe"
doppio click su di essa, nella finestra Modifica stringa vai nello spazio Dati valore e cancelli la voce
kdhxf.exe, selezionandola e premendo Canc>OK. Chiudi il registro.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi basilio » 01/04/07 13:29

In GMER non trovo la casella ADS. Dove si trova? sotto Rootkit?
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Postdi Luke57 » 01/04/07 13:51

Ciao, con tutte le applicazuioni chiuse, apri Gmer.exe, premi il tasto>>>> poi il tab.Rootkit, spunti solamente files e ADS, premi scan.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi basilio » 01/04/07 16:19

Scusa la mia ignoranza ma nella mia versione non c'è proprio la casella ADS, ma c'è solo file e altri sotto Rootkit ne sotto gli altri.
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Postdi basilio » 01/04/07 16:35

Ho cercato e non c'è proprio ed inoltre quando provo a fare la scansione con solo spuntato File dopo un po mi da errore e si blocca il programma sempre allo stesso punto
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Postdi basilio » 01/04/07 18:50

ho trovato la versione che dici tu ma mi da errore al momento d'avvio e una volta dentro il pulsante scan non è usabile..Non riesco proprio a capire il prioblema..non è possibile. spero che grazie allla vostra coresia riesco a fare qualcosa di buono
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Postdi Luke57 » 02/04/07 07:07

Ciao, prova con avenger.
Prima esegui l'operazione al registro di sistema come spiegato.
scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


files to delete:
C:\WINDOWS\system32\kdhxf.exe



Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (C:/avenger.txt) con l´esito dello script.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi basilio » 02/04/07 10:10

Questo è l'esito dello script:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hfqaubla

*******************

Script file located at: itrwiahm

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Postdi Luke57 » 02/04/07 10:43

Ciao, ripeti l'operazione, è andata buca ;)
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi basilio » 02/04/07 18:50

Ciao. Ho riprovato ma non mi ha ricreato il log. Non so perchè. Mi sta facendo impazzire.
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Postdi basilio » 02/04/07 19:18

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\k^yqjjqf

*******************

Script file located at: \??\C:\Program Files\dceoamvi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\kdhxf.exe not found!
Deletion of file C:\WINDOWS\system32\kdhxf.exe failed!

Could not process line:
C:\WINDOWS\system32\kdhxf.exe
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Postdi basilio » 04/04/07 19:53

Il problema sembra persistere se anche attenuato ed in più nella chiusura delle pagine mi appare un errore avvolte.
basilio
Utente Junior
 
Post: 15
Iscritto il: 14/01/07 20:35

Precedente

Torna a Sicurezza e Privacy


Topic correlati a "problema redirect HELP":

problema blocco note
Autore: carlin
Forum: Software Windows
Risposte: 7

Chi c’è in linea

Visitano il forum: Nessuno e 41 ospiti